Overview

Introduction

The AlienVault Monitoring - Threats, Vulnerabilities and Reporting module provides the instructions and lab devices you need to develop hands-on skills in the following topics:

  • Adding Users
  • Vulnerability Scanning for Threats Through AlienVault
  • Viewing the Threat Results
  • File Reporting
  • Dashboard Reporting

Lab time: It will take approximately 1 hour to complete this lab.

Exam Objectives

The following exam objectives are covered in this lab:

  • CS0-001 2.1: Given a scenario, implement an information security vulnerability management process
  • CS0-001 2.2: Given a scenario, analyze the output resulting from a vulnerability scan
  • CS0-001 4.3: Given a scenario, review security architecture and make recommendations to implement compensating controls

Exercise 1 - Adding AlienVault Users

In this exercise, you will add a user to the AlienVault system through the dashboard interface.

In this exercise, you will learn the following:

  • Adding a new User

Typically, a team of personnel works to secure an environment, and its members need distinct accounts and roles when completing tickets and carrying out their duties. Giving each person their own user account, rather than sharing a single administrator login, identifies who is responsible for each process and who made each change in the system.

Exercise 2 - Vulnerability Scanning for Threats Through AlienVault

The advantage of scanning your own devices is finding weaknesses before attackers do, giving you the chance to make configuration and security changes that prevent a loss of confidentiality, integrity or availability.

In this exercise, you will learn the following:

  • Scanning with OpenVAS on AlienVault

AlienVault presents a useful interface that summarizes, in a graphical display, the vulnerabilities discovered by severity, together with the affected services, systems and networks.

The dashboard presents on-the-fly information about the status of scheduled, in-progress and past scans. From there you can decide whether to re-run scans, change scan job ownership, modify scanning schedules, or delete jobs that are no longer required or no longer relevant to the assets and devices currently on the list.

Exercise 3 - Viewing the Threat Results

Reports can be exported in a number of formats, such as PDF and CSV, to help integrate them into business processes and present the information in a rich, actionable form, including a detailed description of each vulnerability, insight into its root cause, and any available workarounds.

In this exercise, you will learn the following:

  • Viewing the Scan Results

Detected threats are placed on the Dashboard for review and remediation, and can be prioritized so that those of greatest concern are addressed first.
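The prioritization step described above is easy to do by hand for a handful of findings but not for a CSV export covering a whole network. The following Python script is an added example written for this lab guide; it is not part of AlienVault or OpenVAS. The column names in the embedded sample export (host, port, protocol, vulnerability, cvss, severity) are an assumption chosen for the example, not the real AlienVault export layout, and the sample rows are constructed. It sorts findings by severity band and CVSS score, rolls them up per host the way the dashboard does, and reports rows with an unparsable score instead of silently dropping them.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample export for this example. The column layout is an
# assumption, not the actual AlienVault/OpenVAS CSV format.
SAMPLE_CSV = """host,port,protocol,vulnerability,cvss,severity
10.0.0.5,22,tcp,OpenSSH weak MAC algorithms,4.3,Medium
10.0.0.5,445,tcp,SMBv1 enabled,7.5,High
10.0.0.7,80,tcp,Directory listing enabled,5.0,Medium
10.0.0.9,3389,tcp,RDP without NLA,9.8,Critical
10.0.0.7,443,tcp,TLS 1.0 supported,bad,Low
10.0.0.9,21,tcp,Anonymous FTP,,Info
"""

# Order used when two findings are compared. Scanners label severity bands
# differently, so an unknown label ranks lowest instead of raising an error.
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Info": 0}

REQUIRED_COLUMNS = {"host", "port", "vulnerability", "cvss", "severity"}


def parse_findings(text):
    """Parse a CSV export into finding dicts.

    Returns (findings, skipped). Rows with an unparsable port or an
    unparsable/out-of-range CVSS score are returned in `skipped` so that a
    damaged export is visible rather than looking like a clean one.
    """
    reader = csv.DictReader(io.StringIO(text))
    missing = REQUIRED_COLUMNS - set(reader.fieldnames or [])
    if missing:
        raise ValueError("export is missing columns: %s" % sorted(missing))

    findings, skipped = [], []
    for row in reader:
        raw_cvss = (row["cvss"] or "").strip()
        try:
            cvss = float(raw_cvss) if raw_cvss else 0.0  # blank score: informational
            port = int(row["port"])
        except ValueError:
            skipped.append(row)
            continue
        if not 0.0 <= cvss <= 10.0:
            skipped.append(row)
            continue
        findings.append({
            "host": row["host"].strip(),
            "port": port,
            "vulnerability": row["vulnerability"].strip(),
            "cvss": cvss,
            "severity": row["severity"].strip().title(),
        })
    return findings, skipped


def prioritize(findings):
    """Most urgent first: severity band, then CVSS, then host/port for stable output."""
    return sorted(
        findings,
        key=lambda f: (-SEVERITY_RANK.get(f["severity"], -1), -f["cvss"], f["host"], f["port"]),
    )


def summarize(findings):
    """Per-host count of findings by severity band, as the dashboard rolls them up."""
    by_host = defaultdict(Counter)
    for f in findings:
        by_host[f["host"]][f["severity"]] += 1
    return {host: dict(counts) for host, counts in by_host.items()}


if __name__ == "__main__":
    findings, skipped = parse_findings(SAMPLE_CSV)
    for f in prioritize(findings):
        print("%-8s %4.1f %s:%d %s" % (f["severity"], f["cvss"], f["host"], f["port"], f["vulnerability"]))
    for host, counts in summarize(findings).items():
        print(host, counts)
    print("skipped rows:", len(skipped))
```

When run against the embedded sample, the Critical RDP finding on 10.0.0.9 comes out first and the row whose score is the string "bad" is reported as skipped rather than ranked as harmless.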

Exercise 4 - File Reporting

All scans need to be documented and controlled, typically by a policy. This helps to show that critical assets are being continuously checked for weaknesses, and it also serves as a record that can be shown to auditors or other authorities should the need arise.

In this exercise, you will learn the following:

  • Viewing and Saving File Reporting Types

AlienVault provides a number of report formats, and a great deal of useful information can be extracted from the reports.

Exercise 5 - Dashboard Events and SIEM Analysis

The Dashboard summarizes the same information in a more interactive manner. It also presents the key information graphically and highlights the most immediate threats, typically through a "Top" events screen.

In this exercise, you will learn the following:

  • SIEM Events Analysis

The SIEM correlates these events, and from the Dashboard you can drill into their details for deeper analysis.
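To make the idea of correlation concrete, here is an added Python example written for this lab guide; it is not AlienVault's own correlation engine or its directive syntax. It implements one classic SIEM rule over a constructed set of syslog-style authentication events: five or more failed logins from one source to one destination within 60 seconds raises a brute-force alert, and a successful login for the same source/destination pair within ten minutes of that alert is escalated to a possible compromise. The event line format, thresholds and IP addresses are all assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Event line format assumed for this example (not a real AlienVault format):
# <ISO timestamp> <program> <auth_fail|auth_ok> src=<ip> dst=<ip> user=<name>
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<prog>\S+) (?P<type>auth_fail|auth_ok) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) user=(?P<user>\S+)$"
)

# Constructed sample events. One attacker bursts six failures against
# 10.0.0.9 and then logs in; a second source has one failure and a success
# half an hour later, which should not correlate.
SAMPLE_EVENTS = """\
2024-05-01T10:00:01 sshd auth_fail src=198.51.100.23 dst=10.0.0.9 user=root
2024-05-01T10:00:03 sshd auth_fail src=198.51.100.23 dst=10.0.0.9 user=admin
2024-05-01T10:00:04 sshd auth_fail src=203.0.113.8 dst=10.0.0.5 user=bob
2024-05-01T10:00:05 sshd auth_fail src=198.51.100.23 dst=10.0.0.9 user=oracle
2024-05-01T10:00:07 sshd auth_fail src=198.51.100.23 dst=10.0.0.9 user=test
2024-05-01T10:00:09 sshd auth_fail src=198.51.100.23 dst=10.0.0.9 user=guest
2024-05-01T10:00:11 sshd auth_fail src=198.51.100.23 dst=10.0.0.9 user=ubuntu
2024-05-01T10:02:30 sshd auth_ok src=198.51.100.23 dst=10.0.0.9 user=ubuntu
2024-05-01T10:30:00 sshd auth_ok src=203.0.113.8 dst=10.0.0.5 user=bob
this line is not an event
"""

FAIL_THRESHOLD = 5                       # failures needed to call it brute force
FAIL_WINDOW = timedelta(seconds=60)      # ...within this sliding window
SUCCESS_WINDOW = timedelta(minutes=10)   # success this soon after is suspicious


def parse_events(text):
    """Parse event lines; unparsable lines are returned, not silently dropped."""
    events, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = EVENT_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    events.sort(key=lambda e: e["ts"])   # sensors deliver out of order
    return events, unparsed


def correlate(events):
    """Two-stage rule: brute force, then success from the same pair => escalate."""
    alerts = []
    fails = defaultdict(deque)   # (src, dst) -> timestamps of recent failures
    fired_at = {}                # (src, dst) -> when the brute-force alert fired
    for ev in events:
        key = (ev["src"], ev["dst"])
        if ev["type"] == "auth_fail":
            q = fails[key]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > FAIL_WINDOW:
                q.popleft()      # drop failures that fell out of the window
            armed_at = fired_at.get(key)
            # Fire once per SUCCESS_WINDOW, not once per failing packet.
            if len(q) >= FAIL_THRESHOLD and (armed_at is None or ev["ts"] - armed_at > SUCCESS_WINDOW):
                fired_at[key] = ev["ts"]
                alerts.append({"rule": "brute_force", "ts": ev["ts"], "src": ev["src"],
                               "dst": ev["dst"], "count": len(q)})
        else:
            armed_at = fired_at.get(key)
            if armed_at is not None and ev["ts"] - armed_at <= SUCCESS_WINDOW:
                alerts.append({"rule": "possible_compromise", "ts": ev["ts"], "src": ev["src"],
                               "dst": ev["dst"], "user": ev["user"]})
                del fired_at[key]   # escalate once; a new burst re-arms the rule
    return alerts


if __name__ == "__main__":
    events, unparsed = parse_events(SAMPLE_EVENTS)
    for a in correlate(events):
        print(a)
    print("unparsed lines:", len(unparsed))
```

The single failure from 203.0.113.8 followed by a success thirty minutes later produces nothing, which is the point of correlation: the alert is raised on the sequence of events, not on any one of them.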
